ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] TDP for SAP issue

2015-12-10 10:02:28
Subject: Re: [ADSM-L] TDP for SAP issue
From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 10 Dec 2015 15:00:50 +0000 
Hi Martin!
You have put me on the right track so I dived a little deeper in the encryption 
option in TSM and I discovered that adding this parameter does not enable 
encryption yet, which I was afraid of. You have to add additional parameters 
before the connection is actually encrypted. So I'm relieved!
Thank you very much for your reply!
Kind regards,
Eric van Loon
AF/KLM Storage Engineering


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Martin Janosik
Sent: donderdag 10 december 2015 14:32
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: TDP for SAP issue

Hello Eric,

if you start dsmc and look up help for 'encryptiontype' parameter, will find 
exactly this info which state AES128 is default value.

Syntax

                   .-AES128-.
>>-ENCRYPTIONType--+--------+----------------------------------><
                   '-DES56--'

Parameters

AES128
   AES 128-bit data encryption. AES 128-bit data encryption provides a
   stronger form of data encryption than DES 56-bit data encryption.
   This is the default.

DES56
   DES 56-bit data encryption.

Hope that helps

Martin J.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/10/2015
11:28:27 AM:

> From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 12/10/2015 11:29 AM
> Subject: Re: [ADSM-L] TDP for SAP issue Sent by: "ADSM: Dist Stor 
> Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
> Hi Martin!
> You stated " By default AES128 encryption library is attempted". Is 
> that true? By default there is no ENCRYPTIONTYPE parameter in the 
> dsm.sys which means no encryption at all.
> Kind regards,
> Eric van Loon
> AF/KLM Storage Engineering
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf 
> Of Martin Janosik
> Sent: donderdag 10 december 2015 10:46
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: TDP for SAP issue
>
> Hi Eric,
>
> during API initialization some libraries are loaded even if they are 
> not used at all - ie ssl libraries can be loaded even though SSL is 
> not used for client-server connection. This same applies also to 
> encryption libraries. By default AES128 encryption library is attempted.
> But some older TDP applications are not happy if it tries to load
> AES128 encryption library that was installed as part of newer TSM API. 
> In this case you need to fallback to DES56 encryption library (even if 
> you do not intent to use them).
>
> Bye
>
> Martin J.
>
> "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/10/2015
> 09:05:05 AM:
>
> > From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Date: 12/10/2015 09:06 AM
> > Subject: Re: [ADSM-L] TDP for SAP issue Sent by: "ADSM: Dist Stor 
> > Manager" <ADSM-L AT VM.MARIST DOT EDU>
> >
> > Hi Martin!
> > Like I specified in my mail, I do not want to use encryption at all!
> > Encryption is killing for deduplication. But it's a bug that the TDP
> > 6.2 client requires encryption to be switched on before it's working 
> > with the 7.1 API...
> > Kind regards,
> > Eric van Loon
> > AF/KLM Storage Engineering
> >
> > -----Original Message-----
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On 
> > Behalf Of Martin Janosik
> > Sent: woensdag 9 december 2015 16:59
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Subject: Re: TDP for SAP issue
> >
> > Hello,
> >
> > by specifying 'ENCRYPTIONType DES56' in dsm.sys stanza you are just 
> > overwriting default value that is 'ENCRYPTIONType AES128'.
> > If you want to enable encryption for your customer's backup, you 
> > need to specify it explicitly - via 'include.encrypt /.../*' in your 
> > include/exclude list or client option set.
> > Have a look on
> > http://www-304.ibm.com/support/knowledgecenter/SSGSG7_7.1.0/
> > com.ibm.itsm.client.develop.doc/c_encryp_transp.html
> >
> >
> > Martin J.
> >
> > "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/09/2015
> > 03:00:36 PM:
> >
> > > From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> > > To: ADSM-L AT VM.MARIST DOT EDU
> > > Date: 12/09/2015 03:02 PM
> > > Subject: [ADSM-L] TDP for SAP issue Sent by: "ADSM: Dist Stor 
> > > Manager" <ADSM-L AT VM.MARIST DOT EDU>
> > >
> > > Hi guys!
> > > One of my customers has an issue on his TDP for SAP clients. They 
> > > are using TDP for SAP 6.2 and recently we upgraded all TSM clients 
> > > to
7.1.
> > > This caused the TDP clients to fail with the following error:
> > >
> > > ANS1463E (RC5801) Unexpected error in cryptography library.
> > >
> > > In the API error log:
> > >
> > > 11/02/15 14:27:04 ANS1467E ICC routine ICC_SetValue
> > > (ICC_FIPS_APPROVED_MODE) returned: majRC = 2, minRC = 2, desc = 
> > > 'Invalid data value: icclib.c:921'.
> > >
> > > We do not use any encryption, but as soon as the customer adds the 
> > > line ENCRYPTIONTYPE DES56 to the dsm.sys, the backup works! So 
> > > that's what he did, but now I have an issue, because encryption is 
> > > killing for the deduplication on the backend Data Domain...
> > > IBM won't help me with this bug because TDP for SAP 6.2 is out of 
> > > support. The customer does not want to upgrade to TDP for SAP 
> > > 7.1.3 yet because they need to validate this version first.
> > > I could downgrade the BA/API client to 6.2, but then I have to 
> > > force a full back up again for the BA client, because restoring 
> > > 7.1 data with a 6.2 client will most likely not work. So I was 
> > > hoping to find some work-around. Is it maybe possible to somehow 
> > > install the 6.2 API next to the 7.1 API? In that case I need to 
> > > figure out how to make the TDP client use this API version only...
> > > Thank you very much for any help in advance!
> > > Kind regards,
> > > Eric van Loon
> > > AF/KLM Storage Engineering
> > >
> > > ********************************************************
> > > For information, services and offers, please visit our web site:
> > > http://www.klm.com. This e-mail and any attachment may contain 
> > > confidential and privileged material intended for the addressee only.
> > > If you are not the addressee, you are notified that no part of the 
> > > e-mail or any attachment may be disclosed, copied or distributed, 
> > > and that any other action related to this e-mail or attachment is 
> > > strictly prohibited, and may be unlawful. If you have received 
> > > this e-mail by error, please notify the sender immediately by 
> > > return e-mail, and delete this message.
> > >
> > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries 
> > > and/ or its employees shall not be liable for the incorrect or 
> > > incomplete transmission of this e-mail or any attachments, nor 
> > > responsible for any delay in receipt.
> > > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal 
> > > Dutch Airlines) is registered in Amstelveen, The Netherlands, with 
> > > registered number 33014286
> > > ********************************************************
> > >
> > ********************************************************
> > For information, services and offers, please visit our web site:
> > http://www.klm.com. This e-mail and any attachment may contain 
> > confidential and privileged material intended for the addressee only.
> > If you are not the addressee, you are notified that no part of the 
> > e-mail or any attachment may be disclosed, copied or distributed, 
> > and that any other action related to this e-mail or attachment is 
> > strictly prohibited, and may be unlawful. If you have received this 
> > e-mail by error, please notify the sender immediately by return 
> > e-mail, and delete this message.
> >
> > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ 
> > or its employees shall not be liable for the incorrect or incomplete 
> > transmission of this e-mail or any attachments, nor responsible for 
> > any delay in receipt.
> > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal 
> > Dutch Airlines) is registered in Amstelveen, The Netherlands, with 
> > registered number 33014286
> > ********************************************************
> >
> >
> ********************************************************
> For information, services and offers, please visit our web site:
> http://www.klm.com. This e-mail and any attachment may contain 
> confidential and privileged material intended for the addressee only. 
> If you are not the addressee, you are notified that no part of the 
> e-mail or any attachment may be disclosed, copied or distributed, and 
> that any other action related to this e-mail or attachment is strictly 
> prohibited, and may be unlawful. If you have received this e-mail by 
> error, please notify the sender immediately by return e-mail, and 
> delete this message.
>
> Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ or 
> its employees shall not be liable for the incorrect or incomplete 
> transmission of this e-mail or any attachments, nor responsible for 
> any delay in receipt.
> Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal 
> Dutch Airlines) is registered in Amstelveen, The Netherlands, with 
> registered number 33014286
> ********************************************************
>
>
********************************************************
For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286
********************************************************
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] TSM troubles, Andrew Carlson
Next by Date:  Re: [ADSM-L] TSM troubles, Nixon, Charles D. (David)
Previous by Thread:  Re: [ADSM-L] TDP for SAP issue, Martin Janosik
Next by Thread:  [ADSM-L] TSM troubles, Stef Coene
Indexes:  [Date] [Thread] [Top] [All Lists]